Announcing Security Validation for Kubernetes and Containers



Keeping pace with digital transformation can be exhausting for cyber security professionals. As organizations adopt new technologies and migrate workloads to the cloud, security teams must respond quickly to minimize the risks and to avoid being perceived as a barrier to innovation.

One consequence of organizations embracing the latest cloud-native technologies has been a large rise in containerization — the deployment of applications in containers. Containers offer a lightweight, scalable, and portable way to run applications in the cloud. 

Central to the adoption of containers has been Kubernetes - an open-source platform that emerged as the de facto choice for container orchestration.

Despite the benefits, the dynamic and complex nature of containers and Kubernetes (also known as K8s) can create new security exposures. Container security gaps caused by misconfigured settings are commonplace, and new application deployments can introduce new risks, further increasing the likelihood of incidents. Without a proactive approach to governance, security risks can easily outweigh any operational advantages.


More than two-thirds of Kubernetes users (67%) have delayed application deployments due to security concerns.

Source: Red Hat, State of Kubernetes Report 2023



Introducing Security Validation for Kubernetes

To alleviate the challenge of securing containers and increase assurance that cloud workloads are secure, Picus is excited to introduce security validation for Kubernetes. This new release extends the security validation capabilities of the Picus platform even further, empowering security and DevOps teams to identify and address container security risks proactively and with less manual effort.

In accordance with Center for Internet Security (CIS) benchmarks, Kubernetes validation identifies critical risks across containerized environments, including nodes, pods and policies. It also provides mitigation recommendations to address them. The risks it can identify include:

Misconfigured policies

Role-based access misconfigurations and overly permissive policies, such as running containers with root permissions, can enable attackers to escalate privileges and gain access to sensitive data and services.

Network configurations

Inadequate network segmentation and the application of default network settings, such as allowing pods in a cluster to communicate with each other, can increase attackers’ opportunities to move laterally.

Control Plane exposures

Misconfigurations affecting Kubernetes secrets, certificates, and roles can all be exploited by attackers to further their objectives.
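As an added illustration, not code from Picus or its platform, the following Python performs the kind of CIS-style check described above on constructed manifests: a pod with a privileged container and no runAsNonRoot setting, beside its hardened form, plus a test for whether a namespace carries a default-deny NetworkPolicy (the pod-to-pod default the section mentions). The manifests, the "apps" namespace and the image name are assumptions.

```python
# Constructed sample manifests (not from the page): a weak pod, its hardened
# form, and a default-deny NetworkPolicy for the namespace.
WEAK_POD = {"kind": "Pod", "metadata": {"name": "demo", "namespace": "apps"},
            "spec": {"containers": [{"name": "app", "image": "example/app:1.0",
                                     "securityContext": {"privileged": True}}]}}

HARDENED_POD = {"kind": "Pod", "metadata": {"name": "demo", "namespace": "apps"},
                "spec": {"securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
                         "containers": [{"name": "app", "image": "example/app:1.0",
                                         "securityContext": {"privileged": False,
                                                             "allowPrivilegeEscalation": False,
                                                             "capabilities": {"drop": ["ALL"]}}}]}}

DEFAULT_DENY = {"kind": "NetworkPolicy",
                "metadata": {"name": "default-deny", "namespace": "apps"},
                "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}}


def check_pod(pod):
    """Return findings for privilege misconfigurations in a Pod manifest."""
    findings = []
    spec = pod.get("spec", {})
    pod_ctx = spec.get("securityContext", {})
    for c in spec.get("containers", []):
        ctx = c.get("securityContext", {})
        name = c.get("name", "?")
        # runAsNonRoot can be set at pod or container level; container wins.
        if ctx.get("runAsNonRoot", pod_ctx.get("runAsNonRoot")) is not True:
            findings.append(f"{name}: runAsNonRoot not enforced")
        if ctx.get("privileged", False):
            findings.append(f"{name}: privileged container")
        # Kubernetes defaults allowPrivilegeEscalation to true when unset.
        if ctx.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}: allowPrivilegeEscalation not disabled")
    return findings


def has_default_deny(policies, namespace):
    """True if some NetworkPolicy in `namespace` selects every pod and
    blocks all ingress and egress (no rules listed for either direction)."""
    for p in policies:
        if p.get("kind") != "NetworkPolicy" or p.get("metadata", {}).get("namespace") != namespace:
            continue
        spec = p.get("spec", {})
        if (spec.get("podSelector") == {}
                and {"Ingress", "Egress"} <= set(spec.get("policyTypes", []))
                and not spec.get("ingress") and not spec.get("egress")):
            return True
    return False
```

Running `check_pod(WEAK_POD)` yields three findings and `check_pod(HARDENED_POD)` none; a namespace without a policy like `DEFAULT_DENY` keeps the allow-all default.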


A Single Validation Platform for Clouds and Containers

Kubernetes validation forms part of Picus Cloud Security Validation, which delivers cloud security posture management and cloud attack simulation for Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). From a single dashboard, view security risks across your environments and get mitigation recommendations to address gaps quickly and effectively. 

By simulating cloud-specific attacks, teams can understand whether mitigations are effective and increase awareness of how attackers could seek to elevate privileges.

Start Your Cloud Validation Journey Today

Don’t let cloud security risks slow down your business. Learn how Picus can help you to ensure the ongoing resilience of your workloads and keep pace with digital transformation. 

Contact our team for more information about the benefits of consistent security validation and to see a personalized demonstration of our security validation platform in action.

You can also sign up to attend our forthcoming webinar on July 11th: Beyond Cloud Security Posture Management: Validating Cloud Effectiveness with Attack Simulation